Sure, they do spoof, but one could write a script that pokes around the
message content, looking for a URL or signature and use that instead.

I found some rulesets, 70_sare_evilnum*.cf, that seem to do what I want, but
I don't know how to use them; documentation is scarce for SpamAssassin. Does
anyone know what these files are and how to use them?

mouss-2 wrote:
>
> FractalBob wrote:
>> Can SpamAssassin be configured to use the domain in the sender e-mail
>> address
>> or in the message content itself as an input parameter to, say, a WHOIS
>> search, in order to locate either the sender or his ISP? I know this
>> would
>> be expensive, since it would require going out to the network, but it
>> could
>> be really useful. TIA!
>>

>
> - there is no usable whois interface for that. most whois sites will
> blacklist you if you knock them too much.
>
> - since spammers often forge the sender address, you don't really care
> of the corresponding whois infos.
>
>


--
View this message in context: http://www.nabble.com/Using-sender-e...p20381887.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.